I run my HA on docker and connect via a nginx reverse proxy, all on the same RPi.
When I now set ip_ban_enabled: true and do some failed logins, it’s always a docker IP 172.18.0.n which is banned. Even if I set a trusted_proxy, it’s the same:
Than I tried to set the path to the ssl key files. In the docs, it shows to use .pem files: My acme.sh produces fullchain.cer and mydomain.cer which looks like pem formated files:
Nginx is reverse proxy and sends external traffic to HA
From HA perspective the connecting device is nginx server(the docker ip) not the external device ip
You need to set nginx config to basically add headers (or something similar… I forget) so that it properly passes external IP to HA
In nginx, it is the “proxy_set_header” stuff, specifically the “X-Forwarded-For $proxy_add_x_forwarded_for” that does this if I remember correct. Anyway, seems like a good time to review the nginx docs to better understand the lines below to gain better understanding of how it applies to your HA connection. Or just ignore all that and simple make sure your nginx config is correct and has stuff below
Doing this should fix the docker ip getting banned issue. Not sure where you were agoing with the ssl file stuff. Just assumed you thought it was related to ban issues but no, it’s wouldn’t cause the ban.
I had to add the header stuff to my nginx.conf. Perfect. Thanks a lot!
PS: To all who happen to look in here. Save energy i.e. by lowering the room temperatur by 1 degree!
This is the easiest way to harm Putin and his war of aggression.